July 20, 2020
Banks foresee the risk of losing a valuable customer base due to the advent of Open Banking. Over time customers will use an array of highly advanced yet simplified banking products and services from multiple providers. This might yield lower returns for the banks. Banks are also concerned that customers may be exposed to a range of threats associated with security and data loss. The regulatory framework is yet to be strengthened. In this second part, we cover the risks associated with Open Banking and how these are balanced with various opportunities that it brings.
Identifying the risks
Open banking may offer benefits in the form of convenient access to financial data and services for consumers and lower costs for financial institutions. However, it also potentially poses severe risks to financial privacy and the security of consumers' finances, as well as resulting liabilities to financial institutions. Open banking APIs need to be free of security risks, such as the potential for a malicious third-party app to clean out a customer's account. This would be an extreme (and less likely) threat. Much broader concerns would simply be data breaches due to poor security, hacking, or insider threats, which have become relatively widespread in the modern era, including at financial institutions, and will likely remain commonplace as more data becomes interconnected in more ways.
A shift in competitive and marketing outlook
Open banking is likely to alter the competitive landscape of the financial services industry, which could benefit consumers by increasing competition as described above, but could also have the reverse effect and increase consumer costs if it leads to consolidation in financial services, due to the natural economies of scale from big data and network effects. The resulting market concentration and associated pricing power could more than offset any cost advantages to consumers. Such market consolidation has already been seen and widely criticized in other Internet-based services, such as online shopping, search engines, and social media, in that it is widely believed by consumers and regulators to result in misuse of customers' data by tech giants for their benefit. Beyond the direct costs of market concentration, similar misuse of customers’ private financial data could ultimately raise even greater concerns.
Information sharing may be partial, incomplete and incompatible
Before banks offered open banking, the closest thing available was aggregation sites like Aditya Birla My Universe that combine users' account information from all their financial institutions so they can see it in one place. Such services accomplish this by requiring users to hand over their usernames and passwords for each account, then scraping the data off the screens of those accounts. This practice has security risks, and the results of screen scraping are not always entirely accurate, making it difficult at times for users to identify transactions. Also, users may find that not all of their financial accounts are compatible with account aggregation services, preventing them from getting a true or complete picture of their finances. APIs like UPI and Paytm are considered more secure options because they enable applications to share data directly without sharing account credentials.
Open banking relies on sharing data, but you might prefer to keep your information private. Fortunately, open banking should not automatically reduce security or privacy. TPPs and banks would need to take steps to protect confidential information and to educate consumers about the new risks they face.
Open banking initiatives typically specify when and how financial institutions can share your data. For example, U.K. regulators require customers to approve of information-sharing with specific parties. U.S. banks already control (and limit) how your information is shared, with input from you, and they don’t seem eager to give up that ability.
Any sharing you authorize puts your information into somebody else’s hands. Then you need to wonder how effective that TPP will be at protecting your information—and what they’ll do with the data.
Changing operational ecosystem
In the new ecosystem of Open Banking, APIs have emerged as a powerful channel for doing business. A recent report by the European Banking Association (EBA) reveals that by adopting and deploying APIs, banks can extend and enhance their native services and offerings. Open Banking APIs enhance the appeal of a bank and enable it to meet the changing demands of existing customers as well as gain new customers. These APIs can also serve as a unique way to increase customer engagement and attend to customer needs in a secure and agile manner.
Such engagement is crucial, especially as upstarts and new entrants continue to disrupt the financial services industry. More services, offerings, and devices are entering the market, leading to an increasingly competitive environment for traditional banks and changing customer expectations. This competitive landscape creates challenges for traditional banks and forces them to further innovate to retain and attract customers.
Balancing the risks
Now we know that Open Banking APIs are not without security risks, such as the potential for a malicious third-party app to clean out a customer’s account. Therefore, cyber-security remains one of the biggest priorities for the country at a time when it is also making a push towards a cashless economy, underpinned by a high number of online transactions.
The apex bank has recommended that banks and other financial institutions must primarily identify the risks in their existing frameworks before making the next move. In addition to this, other factors such as board oversight, policies, processes, and more must be adapted for use in the digital age. Cyber-security and cyber-risk frameworks are the need of the hour.
Moreover, banks need to maintain continuous surveillance of both online and offline access to bank systems. Systems must also be tested regularly for vulnerabilities to ensure that no one can access them without authorization, thereby reducing the scope for hackers.
Though identity verification and fraud prevention are important opportunities for banks’ open API initiatives, there are risks associated with data loss, identity theft, data protection violations, money laundering, and financing terrorism. With banks aiming to go fully digital, their operations will be completely managed over the web; this itself creates an environment for higher chances of fraudulent activities.
However, there is still plenty of room left to grow and prosper. With Open Banking carrying the potential to change the way we bank, the need of the hour is to use technology mindfully and to keep the consumer’s trust intact by taking necessary measures before authorizing third parties to access customer data.
There is little doubt that Open Banking can streamline operations and save time and money across industries and job functions, and it should be adopted with an open mindset.
Coming up next - Open Banking – Opening New Avenues in Banking (Part-3, Concluding Part)
In this third and concluding part of the series, the scope of open banking in India is assessed. We are moving aggressively towards digitalizing processes to reduce manual interfaces as far as possible on both the financial institutions' and the customers' fronts. Certain events like demonetization and the spread of Covid-19 gave a surge to the volume of digital transactions. However, in India, we are only in the initial stages of implementing open banking. With the size of our population and the digital footprint created, it would be amazing to see the scale of difference that can be brought to the way we have been doing financial transactions, something which the early adopters would not have experienced.